
CVE-2024-51326
https://notcve.org/view.php?id=CVE-2024-51326
04 Nov 2024 — SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. • https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51326%20-%20Union%20SQLi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-51327
https://notcve.org/view.php?id=CVE-2024-51327
04 Nov 2024 — SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields. • https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51327%20-%20SQLi%20Auth%20Bypass • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-29205
https://notcve.org/view.php?id=CVE-2020-29205
17 May 2021 — XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field. • https://github.com/projectworldsofficial/online-examination-systen-in-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-24203
https://notcve.org/view.php?id=CVE-2020-24203
27 Aug 2020 — Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. • https://github.com/hyd3sec/TravelManagementSystemRCE • CWE-425: Direct Request ('Forced Browsing') • CWE-434: Unrestricted Upload of File with Dangerous Type